Abstract
The proliferation of group-centric computing and communication motivates the need for mechanisms to provide group access control. Group access control includes mechanisms for admission as well as revocation/eviction of group members. Particularly in ad hoc groups, such as peer-to-peer (P2P) systems and mobile ad hoc networks (MANETs), secure group admission is needed to bootstrap other group security services. In addition, secure membership revocation is required to evict misbehaving or malicious members. Unlike centralized (e.g., multicast) groups, ad hoc groups operate in a decentralized manner and accommodate dynamic membership which make access control both interesting and challenging. Although some recent work made initial progress as far as the admission problem, the membership revocation problem has not been addressed.
In this paper, we develop an identity-based group admission control technique which avoids certain drawbacks of previous (certificate-based) approaches. We also propose a companion membership revocation mechanism. Our solutions are robust, fully distributed, scalable and, at the same time, reasonably efficient, as demonstrated by the experimental results.
This work was supported in part by an award from the Army Research Office (ARO) under contract W911NF0410280 and a grant from SUN Microsystems.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Douceur, J.R.: The Sybil Attack. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, p. 251. Springer, Heidelberg (2002)
Steiner, M., Tsudik, G., Waidner, M.: Key Agreement in Dynamic Peer Groups. IEEE Transactions on Parallel and Distributed Systems (2000)
Steiner, M., Tsudik, G., Waidner, M.: Cliques: A new approach to group key agreement. IEEE Transactions on Parallel and Distributed Systems (2000)
Hu, Y.C., Perrig, A., Johnson, D.B.: Ariadne: A secure on-demand routing protocol for ad hoc networks. In: Proceedings of the Eighth ACM International Conference on Mobile Computing and Networking (Mobicom 2002) (2002)
Perrig, A., Szewczyk, R., Wen, V., Culler, D., Tygar, J.D.: Spins: Security protocols for sensor networks. In: Mobile Computing and Networking (2001)
Hamilton, A.: Playing in the dark: The heat is on, and music swappers are taking their business underground. TIME Magazine (2003)
Biddle, P., England, P., Peinado, M., Willman, B.: The darknet and the future of content distribution. In: ACM Workshop on Digital Rights Management (2002)
Kong, J., Luo, H., Xu, K., Gu, D.L., Gerla, M., Lu, S.: Adaptive Security for Multi-level Ad-hoc Networks. Journal of Wireless Communications and Mobile Computing (WCMC) 2, 533–547 (2002)
Kong, J., Zerfos, P., Luo, H., Lu, S., Zhang, L.: Providing Robust and Ubiquitous Security Support for MANET. In: IEEE 9th International Conference on Network Protocols (ICNP) (2001)
Kim, Y., Mazzocchi, D., Tsudik, G.: Admission Control in Peer Groups. In: IEEE International Symposium on Network Computing and Applications (NCA) (2003)
Saxena, N., Tsudik, G., Yi, J.H.: Admission Control in Peer-to-Peer: Design and Performance Evaluation. In: ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), pp. 104–114 (2003)
Narasimha, M., Tsudik, G., Yi, J.H.: On the Utility of Distributed Cryptography in P2P and MANETs: The Case of Membership Control. In: IEEE 11th International Conference on Network Protocol (ICNP), pp. 336–345 (2003)
Ohta, K., Micali, S., Reyzin, L.: Accountable Subgroup Multisignatures. In: ACM Conference on Computer and Communications Security, pp. 245–254 (2001)
Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust Threshold DSS Signatures. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 354–371. Springer, Heidelberg (1996)
Desmedt, Y., Frankel, Y.: Threshold cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, Heidelberg (1990)
Saxena, N., Tsudik, G., Yi, J.H.: Access Control in Ad Hoc Groups. In: International Workshop on Hot Topics in Peer-to-Peer Systems (HOT-P2P) (2004)
Luo, H., Kong, J., Zerfos, P., Lu, S., Zhang, L.: URSA: Ubiquitous and Robust Access Control for Mobile Ad Hoc Networks. IEEE/ACM Transactions on Networking (ToN) (2004) (to appear), available online at http://www.cs.ucla.edu/wing/publication/publication.html
Jarecki, S., Saxena, N., Yi, J.H.: An Attack on the Proactive RSA Signature Scheme in the URSA Ad Hoc Network Access Control Protocol. In: ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN) (2004)
Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust and Efficient Sharing of RSA Functions. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 157–172. Springer, Heidelberg (1996)
Barr, K., Asanovic, K.: Energy Aware Lossless Data Compression. In: International Conference on Mobile Systems, Applications, and Services (MobiSys) (2003)
Boldyreva, A.: Efficient threshold signatures, multisignatures and blind signatures based on the gap-diffie-hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)
Boneh, D., Lynn, B., Shacham, H.: Short Signatures from the Weil Pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)
Feldman, P.: A Practical Scheme for Non-interactive Verifiable Secret Sharing. In: 28th Symposium on Foundations of Computer Science (FOCS), pp. 427–437 (1987)
Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure Distributed Key Generation for Discrete-Log Based Cryptosystems. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 295. Springer, Heidelberg (1999)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press series on discrete mathematics and its applications (1997) ISBN 0-8493-8523-7
Balfanz, D., Durfee, G., Shankar, N., Smetters, D., Staddon, J., Wong, H.C.: Secret Handshakes from Pairing-Based Key Agreements. In: IEEE Symposium on Security and Privacy, pp. 180–196 (2003)
Cha, J., Cheon, J.: An ID-based signature from Gap-Diffie-Hellman Groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2002)
Kocher, P.C.: On Certificate Revocation and Validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)
Myersand, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: Online Certificate Status Protocol - OCSP. RFC 2560, IETF (1999)
OpenSSL Project, http://www.openssl.org/
MIRACL Library, http://indigo.ie/~mscott/
The Gnutella Protocol Specification v0.4, http://www.clip2.com/GnutellaProtocol04.pdf
Barreto, P.S.L.M., Kim, H.Y., Lynn, B., Scott, M.: Efficient Algorithms for Pairing-based Cryptosystems. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 354–369. Springer, Heidelberg (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Saxena, N., Tsudik, G., Yi, J.H. (2005). Identity-Based Access Control for Ad Hoc Groups. In: Park, Cs., Chee, S. (eds) Information Security and Cryptology – ICISC 2004. ICISC 2004. Lecture Notes in Computer Science, vol 3506. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11496618_27
Download citation
DOI: https://doi.org/10.1007/11496618_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26226-8
Online ISBN: 978-3-540-32083-8
eBook Packages: Computer ScienceComputer Science (R0)